I'm sorry, but the knowledge sources provided do not contain a complete, explicit list of all configuration keys and their possible values for the Ory Kratos configuration file. The sources reference the existence of a [reference configuration](https://www.ory.sh/docs/kratos/reference/configuration) and mention that configuration files can be in JSON, YAML, or TOML formats, and that all configuration values can be set using environment variables. However, the actual keys and their possible values are not enumerated in the provided content. For example, the sources mention: - How to enable/disable password authentication:

yaml   selfservice:     methods:       password:         enabled: true

- How to configure password hashers (BCrypt, Argon2id):

yaml   hashers:     algorithm: bcrypt     bcrypt:       cost: 12

or

yaml   hashers:     argon2:       parallelism: 1       memory: 128MB       iterations: 3       salt_length: 16       key_length: 32

- How to set up CORS:

yaml   serve:     public:       cors:         enabled: true         allowed_origins:           - <https://example.org>         allowed_methods:           - POST           - GET         allowed_headers:           - Authorization         exposed_headers:           - Content-Type

- How to set secrets and rotate them:

yaml   secrets:     cookie:       - your-cookie-secret     cipher:       - your-cipher-secret

- How to select cipher algorithms:

yaml   ciphers:     algorithm: xchacha20-poly1305

or

yaml   ciphers:     algorithm: aes

or

yaml   ciphers:     algorithm: noop

But these are only examples, not a full list. For a complete and up-to-date list of all configuration keys and their possible values, you should consult the [Ory Kratos Reference Configuration documentation](https://www.ory.sh/docs/kratos/reference/configuration) directly, as recommended in the sources. The documentation is the authoritative source for all available configuration options and their valid values. The knowledge sources do not explicitly enumerate all keys and values themselves, so I cannot provide a full list here based on the provided information. If you need examples of specific configuration sections, please let me know!

Here are the keys and possible values for the OIDC (OpenID Connect) provider configuration in Ory Kratos, as found in the knowledge sources: ### OIDC Provider Configuration Keys Each OIDC provider is configured as an entry in the

selfservice.methods.oidc.config.providers

array. The following keys are documented: - id: A unique identifier for the provider. This is used in the callback URL and should not be changed once set. - provider: The type of provider (e.g.,

generic

,

google

, etc.). - client_id: The client ID obtained from the OIDC provider. - client_secret: The client secret obtained from the OIDC provider. - issuer_url: The issuer URL of the OIDC provider (e.g.,

<https://accounts.google.com>

). - mapper_url: URL or Base64-encoded JSONnet file that maps OIDC claims to the Ory Identity schema. Example: -

base64://{YOUR_BASE64_ENCODED_JSONNET_HERE}

- Or a URL:

<https://storage.googleapis.com/abc-cde-prd/9cac9717f007808bf17>

- scope: An array of OAuth scopes to request from the provider. Example:

yaml   scope:     - openid     - offline_access     - email

- pkce: Determines PKCE usage. Possible values:

auto

,

force

,

never

. - label: A human-readable label for the provider. - organization_id: (For B2B SSO) The ID of the organization this connection belongs to. - auth_url (optional): Authorization endpoint URL (sometimes required for custom providers). - token_url (optional): Token endpoint URL (sometimes required for custom providers). #### Example Configuration

yaml selfservice:   methods:     oidc:       config:         providers:           - id: generic             provider: generic             client_id: your-client-id             client_secret: your-client-secret             issuer_url: <https://accounts.google.com>             mapper_url: "base64://{YOUR_BASE64_ENCODED_JSONNET_HERE}"             scope:               - openid               - email             pkce: auto             label: "My OIDC Provider"             organization_id: "your-organization-id"       enabled: true

#### Environment Variable Example It is recommended to set the full JSON array as an environment variable if you configure OIDC providers this way:

bash export SELFSERVICE_METHODS_OIDC_CONFIG_PROVIDERS='[{"id":"google","provider":"google","mapper_url":"<file_location>","client_id":"<client_id>","client_secret":"<client_secret>","scope":["openid","email","profile"],"auth_url":"<https://accounts.google.com/o/oauth2/v2/auth>","token_url":"<https://www.googleapis.com/oauth2/v4/token>","issuer_url":"<https://accounts.google.com>"}]'

> Note: The knowledge sources do not provide an exhaustive list of all possible keys, but the above are the main documented options for OIDC provider configuration in Ory Kratos. For more advanced or custom setups, refer to the [official documentation](https://www.ory.sh/docs/kratos/reference/configuration) for the most up-to-date and complete list of options. Sources: [Self-hosted OIDC configuration](https://www.ory.sh/docs/self-hosted/kratos/configuration/oidc) [Create SSO connections for an organization](https://www.ory.sh/docs/kratos/organizations#create-sso-connections-for-an-organization)